By now you will have likely heard the acronym ‘GDPR’. Some of you will have been fretting over the implications for the past year or so. In short, GDPR (General Data Protection Regulation) is new privacy legislation, intended to protect the rights that individuals (within the EU) have over their data. The UK will adopt GDPR as of Friday 25th May 2018.
Grapevine are already committed to responsible handling of our client data. Like many others, we are using the GDPR “deadline” as an opportunity to review our data handling processes. Here are five actions we’re taking as part of this review.
1. Audit of all existing client data and sources
We’ve grown substantially as a business in recent years. Our client base has grown with us and so, therefore, has the volume of data we’re required to handle to allow us to provide the services and solutions we offer. We have now completed an internal audit of all client data and sources, creating an inventory which allows us to see a complete list at a glance, with details of who within our organisation has ownership of each data source and where it can be accessed.
2. Consolidation of client data sources, where possible
Conducting the audit and creating an inventory of data sources also allowed us to consider options for consolidation. We are pleased to have identified some opportunities to consolidate sources as part of this process, as well as the potential for further improvements in the future as we continue to streamline our operations and client services.
3. Introduction of a company policy for handling client data
All of our staff have been briefed on the changes made to how we handle data. The inventory of our client data sources has been made available for all colleagues and support is available via line management for any member of our team unsure of our internal processes around data. We will also continue to share examples of best practice around data handling as part of ongoing staff training and development.
4. Removal of lapsed prospect data
Much of the conversation around GDPR is currently centred around how companies are using prospect data for new business development. We work with reputable providers for the supply of prospect data and have already taken measures in the past two years to change the ways in which we market to prospect data. Ahead of May 2018 we will be removing all lapsed prospect data from our internal records and mailing lists.
5. Review of existing client data to ensure we have the correct contact details for correspondence
It will continue to be necessary for us to keep contact details for our clients in contract with us. Occasionally we will contact our clients via email, phone or post with news and updates related to the products and service they have with us. We will endeavour to make immediate updates to the contact details we retain, should the client require us to. Notifications of changes should be made to the client’s account manager (via email or phone) or via email to email@example.com.
If you would like to learn more about our plans ahead of the GDPR deadline or the ways in which we can help your organisation with compliance for industry regulations (such as GDPR or MiFID II) please don’t hesitate to contact us.